Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion
Дата
Msg-id CABUevEwoM6MRdVTNRKBzMNUxEdYibzsP0H_CMX+-V+kYCKCT0g@mail.gmail.com
обсуждение исходный текст
Ответ на Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion  (Michael Paquier <michael.paquier@gmail.com>)
Ответы Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion  (Petr Jelinek <petr.jelinek@2ndquadrant.com>)
Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion  (Michael Paquier <michael.paquier@gmail.com>)
Список pgsql-hackers
Дерево обсуждения


On Sun, Feb 19, 2017 at 2:01 AM, Michael Paquier <michael.paquier@gmail.com> wrote:
On Sun, Feb 19, 2017 at 9:50 AM, Michael Paquier
<michael.paquier@gmail.com> wrote:
> I have been poking at it, and yeah... I missed the fact that
> pg_subcription is not a view. I thought that check_conninfo was being
> called in this context only..

Still, storing plain passwords in system catalogs is a practice that
should be discouraged as base backup data can go over a network as
well... At least adding a note or a warning in the documentation would
be nice about the fact that any kind of security-sensitive data should
be avoided here.


Isn't that moving the goalposts quite a bit? We already allow passwords in CREATE USER MAPPING without any warnings against it (in fact, we suggest that's what you should do), which is a similar situation. Same goes for dblink.

If password auth is used, we have to store the password in plaintext equivalent somewhere. Meaning it's by definition going to be exposed to superusers and replication downstreams. Or are you suggesting a scheme whereby you have to enter all your subscription passwords in a prompt of some kind when starting the postmaster, to avoid it?


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Robert Haas
Дата:
Сообщение: Re: [HACKERS] Parallel Index-only scan
Следующее
От: Robert Haas
Дата:
Сообщение: Re: [HACKERS] [PATCH] Add pg_disable_checksums() and supporting infrastructure